Skip to main content

Intel Is Patching Its 'Zombieload' CPU Security Flaw For the Third Time

An anonymous reader quotes a report from Engadget: For the third time in less than a year, Intel has disclosed a new set of vulnerabilities related to the speculative functionality of its processors. On Monday, the company said it will issue a software update "in the coming weeks" that will fix two more microarchitectural data sampling (MDS) or Zombieload flaws. This latest update comes after the company released two separate patches in May and November of last year.

Compared to the MDS flaws Intel addressed in those two previous patches, these latest ones have a couple of limitations. To start, one of the vulnerabilities, L1DES, doesn't work on Intel's more recent chips. Moreover, a hacker can't execute the attack using a web browser. Intel also says it's "not aware" of anyone taking advantage of the flaws outside of the lab. In response to complaints of the company's piecemeal approach, Intel said that it has taken significant steps to reduce the danger the flaws represent to its processors.

"Since May 2019, starting with Microarchitectural Data Sampling (MDS), and then in November with TAA, we and our system software partners have released mitigations that have cumulatively and substantially reduced the overall attack surface for these types of issues," a spokesperson for the company said. "We continue to conduct research in this area -- internally, and in conjunction with the external research community."


from Slashdot: News for nerds, stuff that matters https://ift.tt/2Gr6fsb
via IFTTT
Labels:

Comments

Post a Comment

Popular posts from this blog

Dark Mode vs. Light Mode: Which Is Better?

Recently a well-respected UI consulting firm (the Nielsen Norman Group) published their analysis of academic studies on the question of whether Dark Mode or Light Mode was better for reading? Cosima Piepenbrock and her colleagues at the Institut für Experimentelle Psychologie in Düsseldorf, Germany studied two groups of adults with normal (or corrected-to-normal) vision: young adults (18 to 33 years old) and older adults (60 to 85 years old). None of the participants suffered from any eye diseases (e.g., cataract)... Their results showed that light mode won across all dimensions : irrespective of age, the positive contrast polarity was better for both visual-acuity tasks and for proofreading tasks... Another study, published in the journal Human Factors by the same research group, looked at how text size interacts with contrast polarity in a proofreading task. It found that the positive-polarity advantage increased linearly as the font size was decreased: namely, the smaller the fon...
Post a Comment
Read more

Hate Those Robocalls? This Service Lets You Sue Them for Up to $3,000 Per Annoying Call

2 hrs ago Save News 2 hrs ago News 2 hrs ago News Hate Those Robocalls? This Service Lets You Sue Them for Up to $3,000 Per Annoying Call Jody Serrano Save Until now, the majority of us might have simply hung up on robocallers. However, there’s now a way to get back at the companies who torment you with endless robocalls that ask you for your information or try to sell you stuff. The solution is called Robo Revenge, a service that lets you sue the unwanted caller for up… from Gizmodo | We come from the future https://ift.tt/2vzIYCv via IFTTT
Post a Comment
Read more

Signal Is Finally Bringing Its Secure Messaging To the Masses

An anonymous reader quotes a report from Wired: [Cryptographer and coder known as Moxie Marlinspike] has always talked about making encrypted communications easy enough for anyone to use. The difference, today, is that Signal is finally reaching that mass audience it was always been intended for -- not just the privacy diehards, activists, and cybersecurity nerds that formed its core user base for years -- thanks in part to a concerted effort to make the app more accessible and appealing to the mainstream. That new phase in Signal's evolution began two years ago this month. That's when WhatsApp cofounder Brian Acton, a few months removed from leaving the app he built amid post-acquisition clashes with Facebook management, injected $50 million into Marlinspike's end-to-end encrypted messaging project. Acton also joined the newly created Signal Foundation as executive chairman. The pairing up made sense; WhatsApp had used Signal's open source protocol to encrypt all What...
Post a Comment
Read more